In the early 2000’s, we quickly realized that our contracting clients would be at financial risk if they had HIPAA violations resulting in penalties and fines. So we created a HIPAA Policies & Procedures Manual for physician practices. We completely revised it in 2013 when the new HITECH regulations became the HIPAA standard that exists today. We monitor HHS and the Office for Civil Rights websites for any significant changes, so you don’t have to. More than 20 HIPAA privacy and HIPAA security tools and patient communication templates are included.
Equally important, our HIPAA Online Staff Training has enjoyed huge success with over 15,000 trainings to date. It aligns with our HIPAA Manual, is entertaining, informative and meets the obligations of HIPAA by documenting training completion by every workforce member. Practice Administrators appreciate the efficient time savings of the online format and employees appreciate the convenience. HIPAA training can be easily set up for an entire staff to coordinate with the implementation of a new HIPAA Policies & Procedures Manual. Going forward, HIPAA training can become part of a compliant on-boarding process for all new staff joining a practice.
Among the privacy and security topics included:
- Privacy officer job description
- Protected Health Information (PHI) policy
- Security Rules and Risk Management
- Emailing/faxing PHI
- Breach Notification Requirements
- Business Associates subcontractor agreement form
- Workforce Training Policies
- Open Door Policy
- Non-retaliation Policy
- Security Risk Assessment tool
- Emergency Preparedness Plan
After your Practice's HIPAA Outpatient Practice Policies and Procedures manual has been created, ask your legal counsel to review it. Government compliance regulations change over time and regulations may differ from state to state. A legal review is critical before production and distribution.
This manual template is current as of 2019. Changes in laws, rules, and regulations may require periodic updates to this manual. In addition, changes to your Practice might warrant updates to your HIPAA policies and procedures and staff training. An example: if your Practice implements an entirely new computer system or EMR system, this would necessitate that all workforce members receive new HIPAA training.
COPYRIGHT LICENSE AGREEMENT
Copyright ©2021 Physicians' Ally, Inc.
All rights reserved. This product is copyrighted by Physicians' Ally, Inc.. No part of this publication may be reproduced, stored in a retrieval system or transmitted, in any form or by any means, electronic, mechanical, photocopying, recording or otherwise without the prior written permission of the copyright owner.
It is the duty of the practice's stakeholders to make sure the final HIPAA Outpatient Practice Policies and Procedures manual has been fully customized for the practice.
You acknowledge that additional customization and legal review is necessary to ensure a HIPAA-compliant manual.
HIPAA provides federal regulations for privacy law. State privacy law trumps national HIPAA law. The HIPAA Outpatient Practice Policies and Procedures manual does not identify or encompass specific state laws that are, or may be, contrary to or preempted by HIPAA. If a state law provision is contrary to the provisions of HIPAA, it is preempted by HIPAA, pursuant to 45 C.F.R. 160.203. If a state law is not contrary to HIPAA, and provides greater protections or privacy rights for patients than HIPAA, you should comply with the state law.
In addition, state laws that specifically address minor children will supersede the Minor Children policy included in the manual.
You acknowledge that state law regarding HIPAA laws is outside the scope of the manual.
After your practice's MGMA HIPAA Outpatient Practice Policies and Procedures manual has been created, ask your legal counsel to review it. Government compliance regulations change over time and regulations may differ from state to state. A legal review is critical before production and distribution.
This manual template is current as of 2015. Changes in laws, rules, and regulations may require periodic updates to this manual. In addition, changes to your practice might warrant updates to your HIPAA policies and procedures and staff training.